790878ff4d
Some checks failed
Build and Deploy Backend / build-and-deploy (push) Failing after 11m47s
53 lines
1.5 KiB
Docker
53 lines
1.5 KiB
Docker
# ============================================================
|
||
# hw-ws-service Dockerfile — 多阶段构建
|
||
# 构建阶段:Go 编译(含 CGO for libopus)
|
||
# 运行阶段:Alpine + libopus + ffmpeg(最终镜像 ~60-80MB)
|
||
# ============================================================
|
||
|
||
# ---- 构建阶段 ----
|
||
FROM golang:1.23-alpine AS builder
|
||
|
||
# 安装 CGO 编译所需的 C 工具链和 libopus 开发头文件
|
||
RUN apk add --no-cache gcc musl-dev opus-dev
|
||
|
||
WORKDIR /app
|
||
|
||
# 使用国内镜像加速,避免 proxy.golang.org 超时
|
||
ENV GOPROXY=https://goproxy.cn,direct
|
||
|
||
# 先拷贝 go.mod/go.sum 利用 Docker 层缓存(依赖未变时跳过 go mod download)
|
||
COPY go.mod go.sum ./
|
||
RUN go mod download
|
||
|
||
COPY . .
|
||
|
||
# CGO_ENABLED=1 必须开启(hraban/opus 是 CGO 库)
|
||
# -trimpath 去除本地路径信息(安全性)
|
||
# -ldflags="-s -w" 去除调试符号(缩减二进制大小)
|
||
RUN CGO_ENABLED=1 GOOS=linux \
|
||
go build \
|
||
-trimpath \
|
||
-ldflags="-s -w" \
|
||
-o hw-ws-service \
|
||
./cmd/main.go
|
||
|
||
# ---- 运行阶段 ----
|
||
FROM alpine:3.20
|
||
|
||
# 运行时依赖:
|
||
# opus — libopus 动态库(hraban/opus CGO 绑定需要)
|
||
# ffmpeg — MP3/AAC 解码为 PCM
|
||
# ca-certificates — HTTPS 请求 OSS 需要根证书
|
||
RUN apk add --no-cache opus ffmpeg ca-certificates && \
|
||
# 创建非 root 运行用户(安全最佳实践)
|
||
addgroup -S hwws && adduser -S hwws -G hwws
|
||
|
||
COPY --from=builder /app/hw-ws-service /hw-ws-service
|
||
|
||
# 以非 root 用户运行
|
||
USER hwws
|
||
|
||
EXPOSE 8888
|
||
|
||
ENTRYPOINT ["/hw-ws-service"]
|